Nmap Network Scanning

SSL Options

In connect mode, this option transparently negotiates an SSL
session with an SSL server to securely encrypt the connection. This is
particularly handy for talking to SSL-enabled HTTP servers and similar
services.

In server mode, this option listens for incoming SSL connections,
rather than plain untunneled traffic.

--ssl-verify (Verify server certificates)

In client mode, --ssl-verify is like --ssl except that it also requires
verification of the server certificate. Ncat comes with a default set of
trusted certificates in the file ca-bundle.crt. Some operating systems
provide a default list of trusted certificates; these will also be used
if available. Use --ssl-trustfile to give a custom list. Use -v one or
more times to get details about verification failures.

Ncat does not check for revoked certificates.

This option has no effect in server mode.

--ssl-cert <certfile.pem> (Specify SSL certificate)

This option gives the location of a PEM-encoded
certificate file used to authenticate the server (in listen
mode) or the client (in connect mode). Use it in combination
with --ssl-key.

--ssl-key <keyfile.pem> (Specify SSL private key)

This option gives the location of the PEM-encoded
private key file that goes with the certificate named with
--ssl-cert.

--ssl-trustfile <cert.pem> (List trusted certificates)

This option sets a list of certificates that are trusted for
purposes of certificate verification. It has no effect unless combined
with --ssl-verify. The argument to this option is the name of a PEM
file containing trusted certificates. Typically, the file will contain
certificates of certification authorities, though it may also contain
server certificates directly. When this option is used, Ncat does not
use its default certificates.
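
A pre-flight check for the PEM files handed to --ssl-cert, --ssl-key and --ssl-trustfile, as an added example that is not part of the Ncat documentation. The function names and the owner-only permission rule for the key file are assumptions, and the demo files are constructed placeholders holding PEM labels only.

```shell
#!/bin/sh
# Added example, not from the Ncat documentation; function names are hypothetical.

# Count PEM blocks whose BEGIN label ends in $2, e.g. "CERTIFICATE" or
# "PRIVATE KEY" (also matches "RSA PRIVATE KEY", "EC PRIVATE KEY").
pem_count() {
    grep -c -e "^-----BEGIN .*$2-----" "$1" || true
}

# usage: ncat_tls_preflight <cert.pem> <key.pem> [trust.pem]
# Returns 0 when the files suit --ssl-cert, --ssl-key and --ssl-trustfile.
ncat_tls_preflight() {
    cert=$1 key=$2 trust=${3:-} rc=0
    for f in "$cert" "$key" ${trust:+"$trust"}; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
    done
    [ "$(pem_count "$cert" CERTIFICATE)" -ge 1 ] ||
        { echo "FAIL: $cert has no CERTIFICATE block" >&2; rc=1; }
    [ "$(pem_count "$key" 'PRIVATE KEY')" -ge 1 ] ||
        { echo "FAIL: $key has no PRIVATE KEY block" >&2; rc=1; }
    # Assumed local policy: the private key is readable by its owner only.
    case "$(ls -ldL "$key")" in
        ????------*) ;;
        *) echo "FAIL: $key is accessible to group or other" >&2; rc=1 ;;
    esac
    if [ -n "$trust" ]; then
        # Ncat ignores its default certificates when a trust file is given,
        # so every certificate listed here is trusted on its own.
        n=$(pem_count "$trust" CERTIFICATE)
        [ "$n" -ge 1 ] || { echo "FAIL: $trust has no certificates" >&2; rc=1; }
        [ "$(pem_count "$trust" 'PRIVATE KEY')" -eq 0 ] ||
            { echo "FAIL: $trust contains a private key" >&2; rc=1; }
        echo "INFO: $trust holds $n trusted certificate(s)" >&2
    fi
    return "$rc"
}

# Demo on constructed placeholder files (PEM labels only, no key material).
preflight_demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '-----BEGIN CERTIFICATE-----' '-----END CERTIFICATE-----' >"$d/cert.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' '-----END PRIVATE KEY-----' >"$d/key.pem"
    chmod 600 "$d/key.pem"
    cat "$d/cert.pem" "$d/key.pem" >"$d/bad-trust.pem"  # key copied into trust file
    ncat_tls_preflight "$d/cert.pem" "$d/key.pem" "$d/cert.pem" && good=0 || good=$?
    ncat_tls_preflight "$d/cert.pem" "$d/key.pem" "$d/bad-trust.pem" && bad=0 || bad=$?
    rm -rf "$d"
    echo "good=$good bad=$bad"
}
```

Because the trust file is only consulted together with --ssl-verify, a file that passes this check still has no effect on a connection made with plain --ssl.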